Contact Sales Sign in

Are your DomainKey/DKIM keys secure enough?

by John Alessi - October 26, 2012

If you are securing your outbound email with DomainKeys or DKIM, please be aware of the key-length you are using.  It has recently come to light that using DomainKeys or DKIM (DomainKeys Identified Mail) with key lengths of less than 1024-bit could enable others to forge messages from your domain. Stay vigilant against any DKIM attacks as well with preventative measures.

This is important to everyone, but especially important to domains that are likely to be used in phishing attacks, since a compromise of their keys could allow phishing email to seem even more legitimate.

If you would like to generate keys for your DomainKey and DKIM signing, the SocketLabs Domain Key and DKIM generator currently generates 1024-bit keys.  It is a free tool, have a blast!

[update 2012-11-07]  According to Return Path, Gmail will immediately begin failing DKIM keys less than or equal to 512-bits.

Related Posts

dkim vs domainkeys

DKIM Vs. DomainKeys

What is DomainKeys DomainKeys is a domain-level authentication standard that uses public/private key encryption, DNS, and multiple policies to prove the legitimacy and ...

SocketLabs - September 12, 2019
DKIM Replay Attacks

DKIM Replay Attacks: Preventive Measures to Protect Email Deliverability

Malicious actors are always looking for a means to get their spam into the inboxes of unsuspecting victims. Just recently we reported on how ...

Brian Godiksen - February 14, 2022

The Complete Guide to Email Authentication, Part 5

This is part 5 of an 8 part series on Email Authentication, to go to part one click here. DomainKeys DomainKeys is a domain-level authentication standard ...

SocketLabs - March 29, 2019